On the Value of Coordination in Distributed Self-Adaptation of Intrusion Detection System

Author

Rehak, Markus ; Grill, Martin ; Stiborek, Jan

Author_Institution

Czech Tech. Univ., Prague, Czech Republic

Volume

2

fYear

2011

Firstpage

196

Lastpage

203

Abstract

We present an empirical study of distributed adaptation in an Intrusion Detection System. The adaptation model is based on a game-theoretical approach and we use regret minimization techniques to find globally robust behavior. We compare the effectiveness of global optimization, when all system components adopt the globally optimized strategy in a synchronized manner, with a fully distributed approach when two layers in the system adapt their strategies as a result of local adaptation process, with no synchronization or signaling. We show that the use of regret minimization techniques results in stable and long-term optimized behavior in both cases. Our experiments were performed on CAMNEP, an intrusion detection system based on analysis of Net Flow data, and were performed on the university network over one month.

Keywords

computer network security; data analysis; game theory; local area networks; minimisation; CAMNEP; NetFlow data analysis; coordination value; distributed self-adaptation; game-theoretical approach; global optimization; intrusion detection system; regret minimization techniques; university network; Convergence; Game theory; Games; Intrusion detection; Minimization; Optimization; Robustness; Adaptation; Game Theory; IDS; Regret minimization;

fLanguage

English

Publisher

ieee

Conference_Titel

Web Intelligence and Intelligent Agent Technology (WI-IAT), 2011 IEEE/WIC/ACM International Conference on

Conference_Location

Lyon

Print_ISBN

978-1-4577-1373-6

Electronic_ISBN

978-0-7695-4513-4

Type

conf

DOI

10.1109/WI-IAT.2011.172

Filename

6040776